24 changes: 23 additions & 1 deletion docset/winserver2025-ps/NetSecurity/New-NetIPsecRule.md
Expand Up @@ -19,7 +19,7 @@ Creates an IPsec rule that defines security requirements for network connections
New-NetIPsecRule [-PolicyStore <String>] [-GPOSession <String>] [-IPsecRuleName <String>] -DisplayName <String>
[-Description <String>] [-Group <String>] [-Enabled <Enabled>] [-Profile <Profile>] [-Platform <String[]>]
[-Mode <IPsecMode>] [-InboundSecurity <SecurityPolicy>] [-OutboundSecurity <SecurityPolicy>]
[-QuickModeCryptoSet <String>] [-Phase1AuthSet <String>] [-Phase2AuthSet <String>] [-KeyModule <KeyModule>]
[-QuickModeCryptoSet <String>] [-Phase1AuthSet <String>] [-Phase2AuthSet <String>] [-KeyModule <KeyModule>] [-TunnelType <TunnelType>]
[-AllowWatchKey <Boolean>] [-AllowSetKey <Boolean>] [-LocalTunnelEndpoint <String[]>]
[-RemoteTunnelEndpoint <String[]>] [-RemoteTunnelHostname <String>] [-ForwardPathLifetime <UInt32>]
[-EncryptedTunnelBypass <Boolean>] [-RequireAuthorization <Boolean>] [-User <String>] [-Machine <String>]
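Review bot: The new `[-TunnelType <TunnelType>]` entry is appended to the end of the `-KeyModule` line, which makes that line noticeably longer than the wrapped lines around it; start a new line with it, or rewrap the block, so the syntax stays consistently formatted. The parameter section added later in this patch declares `Parameter Sets: (All)`, yet this is the only syntax line the diff touches (1 deletion), so please confirm that no other syntax block in the file needs the same entry.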
Expand Down Expand Up @@ -445,6 +445,28 @@ Accept pipeline input: False
Accept wildcard characters: False
```

### -TunnelType
Specifies that matching IPsec rules of the indicated tunnel type are created.
This parameter specifies which tunnel type to negotiate.
The acceptable value for this parameter is: PointToSite.

- PointToSite: Indicates that the IPsec rule applies only to point-to-site tunnels, typically used for connecting an individual client to a network.

The default value is PointToSite. This setting is very advanced and should only be modified for specific interoperability or security scenarios. Overriding this parameter incorrectly may result in rules not applying as intended, potentially leaving traffic unprotected. Windows versions prior to Windows Server 2025 do not support explicit tunnel type configuration.

```yaml
Type: TunnelType
Parameter Sets: (All)
Aliases:
Accepted values: PointToSite

Required: False
Position: Named
Default value: PointToSite
Accept pipeline input: False
Accept wildcard characters: False
```

### -LocalAddress
Specifies that network packets with matching IP addresses match this rule.
This parameter value is the first end point of an IPsec rule and specifies the computers that are subject to the requirements of this rule.
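Review bot: The description of `-TunnelType` contradicts itself: it lists `PointToSite` as the only accepted value and also as the default, then warns that "Overriding this parameter incorrectly may result in rules not applying as intended", which cannot happen when there is nothing else to select. Either document the other enum values with their meaning, or drop the warning and state plainly that the parameter currently has a single value. The first sentence ("Specifies that matching IPsec rules of the indicated tunnel type are created") reads like filter wording for a query cmdlet and overlaps with the second ("specifies which tunnel type to negotiate"); keep one sentence that says what the rule does with this value. The statement that Windows versions prior to Windows Server 2025 do not support explicit tunnel type configuration needs a source or should be removed. If the warning about traffic being left unprotected stays, say which condition causes it so an administrator can check for it. The section is also inserted directly before `-LocalAddress`; if the parameter sections in this file are ordered alphabetically, it belongs further down.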